Abstract: With the rapid development of network technology, frequent cyber attacks, especially advanced persistent threats (APTs), seriously affect national security and social stability. Under the continuous evolution of encryption, obfuscation, and camouflage techniques, intelligent analysis of network traffic is considered an effective means to improve threat detection capability. However, when processing massive volumes of network traffic data, existing methods still suffer from high analysis complexity and weak model interpretability. Flow spectrum adopts domain transformation as a unified solution by constructing a more accurate, highly separable, and observable description space for network flow data, thereby enabling efficient characterization, representation and analysis of network behaviors and effectively addressing the above issues. Inspired by the atomic spectrum, this study proposes a novel flow spectrum scheme. The core idea is to achieve a concrete representation of network behaviors by mapping network flows into a one-dimensional spectral space, and to detect network traffic threats through flow spectrum comparison, in which the design of an effective flow spectrum decomposer is crucial. In this study, the flow spectrum decomposer is constructed based on a semi-supervised autoencoder and is trained by jointly performing reconstruction and classification tasks, enabling spectral line distributions of different network behaviors to exhibit strong separability. The proposed scheme is validated on the NSL-KDD, UNSW-NB15, and CIC-DDoS2019 datasets. Experimental results show that the proposed scheme achieves high detection accuracy for network threat behaviors while providing differentiated representations for various network traffic behaviors, significantly enhancing network behavior observability and improving the interpretability of threat detection methods. Therefore, the proposed flow spectrum scheme is effective for network traffic threat detection.